The line between security vs convenience can be a challenging line to navigate. I frequently speak with pastors and ministry leaders about how to protect an organization while still empowering users to accomplish their mission.
Security vs Convenience
Here’s the truth about security vs convenienc: The more secure you are, the less convenient it is for the users. The more convenient it is for the users, the less secure your church is and more open to attack. It concerns me that in 2025 many ministries still err on the side of convenience over security. Perhaps this is why cyber insurance and cyber liability coverage premiums are skyrocketing.
As you look to lead with technology, there are two aspects of security vs. convenience that I encourage you to invest time in evaluating. I believe these two should be non-negotiable and are critical if you want help with your next cyber coverage renewal.
RELATED: Windows 10 Is Ending Support
Two-factor authentication
Two-factor authentication (2FA) should be enabled on everything possible. Again, it’s not convenient; yet, while not perfect, it’s a tremendous safety net should a user be compromised. Two-factor, or multifactor, authentication cannot prevent a user from giving away his or her access through a phishing attempt, but it can stop the attacker from getting very far and allow the ministry valuable time to mitigate before much damage can be done.
Regular security training, testing
Security awareness training should be done every week. There are many providers who offer this service, but you really need to train and test more than once or twice a year. I recommend testing at least weekly as the best practice, and at least monthly as the minimum. My church, for instance, does three tests each week.
Ideally, if you are doing security awareness training consistently, and if you have 2FA enabled on everything, your security posture will be strong. This way, if a user does fail and give out his or her username/password as a result of a phishing attempt, 2FA will help your church avoid significant damage.
Think of your network access to your ministry’s email, management software and so on as the keys to your house. If, through a phishing attempt, I trick you into giving me the keys — without a second factor, like a code sent via text message or a 2FA authenticator app — I can walk right in. However, if I trick you into giving me the keys, but when I get to the door it requires your keys and a separate code, you’ve stopped me or at least really slowed me down.
